Target Open Sources Web Skimmer Detection Tool

From securityweek.com

Retail giant Target this week announced the open source availability of an internal tool designed for the detection of web skimming attacks.

Dubbed Merry Maker, the tool analyzes payment page code served to users and network traffic from test payment transactions to identify any malicious indicators. The company says it has been using the tool since 2018 to perform more than one million website scans.

In addition to simulating a real site visitor and saving the generated code and network activity for analysis, the utility searches for new and known malicious domains and creates an alert when any is identified. The tool supports Basic, Kafka, and GoAlert alerts.

[READ: New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research]

“Merry Maker continually simulates online browsing and completes test transactions to scan for the presence of malicious code. Merry Maker acts like a guest on Target.com by completing several typical activities including online purchases. While doing so, the tool gathers and analyzes a variety of information including network requests, JavaScript files, and browser activity to determine if there’s any type of unwanted activity,” Target explains

Read more…